OTC now supports stored payment methods for both Square and Stripe users
For those using Authorize.net, this feature is not available yet. Supporting stored cards with Authorize.net currently carries an extremely high annual cost, well into six figures, which makes it impractical for us to offer at this time.
How stored payment methods work in OTC
It is important to clarify that OTC does not store credit card information.
All payment methods are securely stored and tokenized by Stripe or Square, both of which are PCI DSS compliant payment processors. OTC never sees, processes, or stores full card numbers, CVV codes, or other sensitive payment details. We only retain non-sensitive references provided by the payment processor in order to facilitate future transactions.
This approach aligns with:
- PCI DSS standards set by the Payment Card Industry Security Standards Council
- Card network requirements from Visa, Mastercard, American Express, and Discover
- Data protection and consumer privacy regulations in the United States, Canada, the EU, and the UK
Enabling stored payment methods
You can enable this feature under Settings → Payment gateways.
Once enabled, customers will have the option to save their payment method during checkout for future use. Stored payment methods can also be used by staff for future transactions through the OTC console.
We have not yet enabled the ability to make saving a payment method mandatory to complete a transaction. That functionality is planned, but we are currently waiting on final guidance from legal counsel to ensure it is implemented in a way that is fully compliant with:
- PCI standards
- Card network rules
- Consumer protection laws
- International data protection regulations such as GDPR, CCPA/CPRA, and PIPEDA
Customer control and compliance by design
Unlike many booking platforms, OTC was intentionally designed to give customers full control over their stored payment methods.
Customers can log into the OTC customer portal at any time to view:
- Waivers
- Photos
- Game data
- Stored payment methods
Payment methods are stored at the Company Group level, not globally. This means a customer can remove a stored card for one business without affecting any others. This design choice helps ensure compliance with international data minimization and consent requirements.
Even when mandatory card on file is introduced, customers will still be able to remove their stored payment method at any time. As part of that future release, we will likely introduce an optional setting that automatically cancels an active booking if the associated payment method is removed. This mirrors how hotels, rentals, and other reservation-based businesses operate and remains compliant when properly disclosed.
Why this matters
International laws and industry standards generally require that stored payment data:
- Be retained only for legitimate business purposes
- Be removable once that purpose no longer exists
- Be stored by regulated, PCI compliant processors
OTC's implementation was built with these principles in mind from day one.